A patchwork of enforcement bodies, evasion by targeted entities and the volume of information can make understanding who is subject to sanctions a difficult task — but OSINT is up to the challenge.

After the Russian invasion of Ukraine, Western governments imposed broad sanctions against Russia to force it to end the war. At first sight, implementing these sanctions could seem easy: automated tools could check the names of entities, both individuals and organizations, against the sanctions lists enforced by the U.S. and the E.U. However, it's not that simple!

Secondary sanctions imposed by the Office of Foreign Assets Control (OFAC) target entities connected to those already sanctioned. For example, under the Specially Designated Nationals and Blocked Persons List (SDN List), an entity can be sanctioned if an already sanctioned owner holds more than 50% of its shares. Identifying all affiliated entities subject to these secondary sanctions can be challenging and requires extensive due diligence.

At the same time, sanctioned entities constantly develop new means to evade sanctions and break import/export barriers to acquire goods, services and money.

In this article, I will show how we can leverage OSINT to identify connections to sanctioned entities; this is crucial for organizations worldwide to maintain compliance and support national efforts to prevent foreign enemies from evading enforced sanctions.

List of sanctions imposed by Western countries

Here is a list of the most significant sanctions lists worldwide.

Valuable tools to search within sanctions lists:

OSINT tools to aid in sanction screening

Screening suspicious entities for sanctions requires a variety of tools and techniques. In this section, I will focus on free tools that help investigators research the backgrounds of individuals and corporations and uncover hidden connections with sanctioned entities.

Google Maps

Google Maps can be used to verify the location of the companies or individuals you are dealing with. All we need to do is enter the address in the Google Maps search bar. We can also inspect a suspicious address further using Google Street View (if Google Street View already covers the address).

Wayback Machine - Internet Archive

This is an important service I have already discussed in most of my previous articles. The Wayback Machine can be leveraged in different ways in OSINT investigations, such as:

  • View archived versions of websites that have been taken down or altered
  • Discover connections between entities — by checking previous versions of old websites that could reveal the actual ownership of a company (see Figure 1) or its business partners along with their locations
  • Reveal contact information that was available on websites that are no longer online
  • Reveal files that were publicly available in the past and have since been removed
  • Track the changes of a website to reveal how it evolved and what products/services it used to sell or promote
     
FIG 1 | Using the Wayback Machine to reveal previous archived copies of websites (screenshot showing the owner of a company on an archived webpage)
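To find the archived copies where a page actually changed (for example, when an ownership or contact page was rewritten), the Wayback Machine's CDX index can be queried and reduced to one capture per content version. This is an added example, not code from the original article; the sample rows and the page `http://example.com/about` are constructed, and the functions `cdx_query_url`, `content_versions` and `last_ok_capture` are hypothetical names.

```python
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
FIELDS = ["timestamp", "original", "statuscode", "digest"]

# Constructed sample of a CDX JSON response (the first row is the header).
SAMPLE_ROWS = [
    FIELDS,
    ["20180412101500", "http://example.com/about", "200", "DIGEST-A"],
    ["20180901083000", "http://example.com/about", "200", "DIGEST-A"],  # unchanged
    ["20190215120000", "http://example.com/about", "200", "DIGEST-B"],  # content changed
    ["20200110090000", "http://example.com/about", "404", "DIGEST-C"],  # page gone
]

def cdx_query_url(page, year_from=None, year_to=None):
    """Build the CDX query that lists captures of one page as JSON."""
    params = {"url": page, "output": "json", "fl": ",".join(FIELDS)}
    if year_from:
        params["from"] = str(year_from)
    if year_to:
        params["to"] = str(year_to)
    return CDX_ENDPOINT + "?" + urlencode(params)

def content_versions(rows):
    """Return the first successful capture of each distinct content version."""
    if not rows:
        return []
    header, versions, previous = rows[0], [], None
    for row in rows[1:]:
        cap = dict(zip(header, row))
        if cap["statuscode"] != "200" or cap["digest"] == previous:
            continue  # skip errors/redirects and captures identical to the last one
        previous = cap["digest"]
        replay = "https://web.archive.org/web/%s/%s" % (cap["timestamp"], cap["original"])
        versions.append({"timestamp": cap["timestamp"], "replay_url": replay})
    return versions

def last_ok_capture(rows):
    """Timestamp of the last capture served with HTTP 200, or None."""
    ok = [r[0] for r in rows[1:] if r[2] == "200"]
    return ok[-1] if ok else None

if __name__ == "__main__":
    print(cdx_query_url("example.com/about", 2018, 2020))
    for version in content_versions(SAMPLE_ROWS):
        print(version)
    print("last seen online:", last_ok_capture(SAMPLE_ROWS))
```

Opening the replay URLs of two consecutive versions side by side shows what was added or removed between them.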

Whois information

Checking domain name information in the Whois database provides leads to domain registrations and their associated entities. We can use Who or Whois domain Tools.

Check email addresses

During our search, we may find some email addresses linked to sanctioned individuals or companies. We can conduct OSINT email investigations using the following tools:

  • Reverse email lookup: we can use regular search engines such as Google and Bing to run reverse email searches. Other useful tools include Hunter and social media tools like Sherlock, which searches for all social media accounts of a particular person using their username on one social media service or their email address
  • If you have an email address and want to analyze it, you can use a service such as MXToolbox to make email headers human-readable

Financial news

A great deal of information about world corporations can be acquired by monitoring financial news. Here is a list of major financial news websites:

Corporation information

Before dealing with a company, it is critical to collect as much information about it as possible. There are many online services for gathering intelligence about world corporations; the following are the most popular ones:

Search leaked information

There is a debate about whether OSINT gatherers should use leaked information in their research. However, when it comes to conducting background checks on suspicious entities, searching within leaked files, especially those leaked by investigative journalism, is considered ethical. For instance, searching within a leaked database may reveal who is behind offshore and proxy companies and to whom such companies are connected or partnered.
Here are some places to search for entity names within leaked papers:

  • Offshore Leaks Database: provides information about who is behind more than 810,000 offshore companies, foundations and trusts from the Pandora Papers, Paradise Papers, Bahamas Leaks, Panama Papers and Offshore Leaks investigations
  • WikiLeaks: publishes various leaks about the global economy, international politics, world corporations, government, war and military
  • Aleph data platform: the archive contains a vast collection of current and historical databases, documents, leaks and investigative findings. OSINT gatherers can leverage this service to uncover valuable insights, discover connections between people and organizations, trace stolen funds, map political influence networks and reveal corruption. The diverse information sources (256 public datasets covering 124 countries and territories) facilitate combining data points to build a more complete picture for investigations (see Figure 2).
FIG 2 | OCCRP Aleph contains a massive volume of leaked information covering corporate information, court and news archives and much more

Tracking transportation

Transportation companies, especially those operating vessels and airplanes, play a crucial role in the global economy. They form the backbone of international trade. The first thing a sanctioned entity tries to do to evade sanctions is to infiltrate the networks of global transportation companies to deliver sanctioned products and equipment without drawing attention to their final destination.

Tracking transportation companies is critical for OSINT gatherers because it allows them to:

  • Track and monitor suspicious behavior of transportation companies. For example, the Automatic Identification System (AIS) is a maritime transponder system that automatically transmits a vessel's position, identity and other information. AIS enables real-time tracking and monitoring of vessels, similar to air traffic control systems. If a ship habitually turns off its AIS while traveling in some locations, this could be a sign that it is conducting unauthorized trips to countries under sanctions. To track a specific vessel worldwide, go to MarineTraffic and search for its IMO number (which uniquely identifies every ship worldwide) or its name, and you should find current and historical information about this ship, such as general information about the vessel, its current location, vessel photos and more (see Figure 3).
FIG 3 | MarineTraffic is an excellent free online service to track vessels on a global level (screenshot of vessel details)
  • Sanctioned entities could be using the services of transportation companies without their knowledge to evade sanctions. For example, a sanctioned country could import technological products to Dubai before sending them on to their final destination, which is under global sanctions. Another example is when a non-sanctioned vessel transfers its cargo in the middle of the sea to another, intermediary sanctioned ship. Conducting background checks on the companies and people we enter into business relationships with is essential to discovering proxy companies and people trying to help sanctioned entities evade sanctions.
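The AIS check described above can be run over a vessel's position history: find every silence longer than a threshold and measure how far the ship travelled while it was not transmitting. This is an added example, not code from the original article; the track is constructed, and the 6-hour and 5-nautical-mile thresholds and the function names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample: (UTC timestamp, latitude, longitude) reports for one vessel.
SAMPLE_TRACK = [
    ("2023-03-01T00:00:00", 10.00, 60.00),
    ("2023-03-01T00:10:00", 10.02, 60.03),
    ("2023-03-01T00:20:00", 10.04, 60.06),
    ("2023-03-02T06:20:00", 12.04, 60.06),  # first report after 30 h of silence
    ("2023-03-02T06:30:00", 12.05, 60.06),
    ("2023-03-02T14:30:00", 12.05, 60.06),  # 8 h of silence, same position
]

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 3440.065 * asin(sqrt(a))  # mean Earth radius in nautical miles

def find_ais_gaps(track, max_silence=timedelta(hours=6), moved_nm=5.0):
    """Return every silence longer than max_silence, with the distance covered."""
    reports = sorted((datetime.fromisoformat(ts), lat, lon) for ts, lat, lon in track)
    gaps = []
    for (t1, lat1, lon1), (t2, lat2, lon2) in zip(reports, reports[1:]):
        if t2 - t1 <= max_silence:
            continue
        hours = (t2 - t1).total_seconds() / 3600
        dist = haversine_nm(lat1, lon1, lat2, lon2)
        gaps.append({
            "last_seen": t1.isoformat(),
            "seen_again": t2.isoformat(),
            "hours": round(hours, 1),
            "distance_nm": round(dist, 1),
            "min_avg_speed_kn": round(dist / hours, 1),
            # Displacement while silent: the vessel kept sailing unobserved.
            "moved": dist > moved_nm,
        })
    return gaps

if __name__ == "__main__":
    for gap in find_ais_gaps(SAMPLE_TRACK):
        print(gap)
```

A gap can also come from poor receiver coverage, so a flagged interval is a lead to check against port calls and other sources rather than a finding on its own.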

When suspicious about a vessel, we can search for its name using Google Dorks to find all relevant information.

Allintext:[ship name]

Allintext:[ship name] sanction

The United Nations has a list of sanctioned vessels: UN sanctioned vessels

To search for a maritime company, go to Maritime Companies Directory

Airplanes could be used to evade sanctions and deliver sanctioned products and equipment. Here are some free online services to track airplane movements:

Tracking airplanes will be easier when you have a list of all worldwide airplane companies:

As we saw in this article, conducting OSINT investigations to identify corporations and individuals trying to evade sanctions requires different tools and services. Although we did not mention it in the article, it is critical to have a graph tool to visualize connections between various entities; this will speed up the analysis and avoid wasting time going back and forth between different tools and online services.

 
